commit | a9f0fc4cf884d233e29e4574260741730d67cb91 | |
---|---|---|
author | Michael Schaffner <msf@opentitan.org> | Tue Jun 08 16:56:56 2021 -0700 |
committer | Michael Schaffner <msf@google.com> | Wed Jun 09 11:20:38 2021 -0700 |
tree | 4ccc969cbb485a9cb8964ae9810548b9d5b14143 | |
parent | c22bc4c9695146ed62ca576a0b070d4b7ca37216 | |

[otp_ctrl] Refine escalation behavior in life cycle partition

Previously, all OTP partitions could be moved into escalation mode externally via `escalate_en_i`. This can cause issues with the escalation action sequencing, since "wipe secrets" (`escalate_en_i`) is usually triggered a couple of cycles before triggering the "life cycle state scrap" action to allow for clearing of local state. If the OTP life cycle partition can be moved into escalation state via `escalate_en_i`, this separation is no longer possible, since this action would immediately scrap the life cycle state as well.

Therefore, the `escalate_en_i` signal is disconnected from the OTP life cycle partition. This should not have any major impact on security, since

1) glitching of that partition can still be detected immediately, and the partition responds by scrapping the life cycle state.
2) the "life cycle state scrap" escalation action implemented inside the life cycle controller takes care of invalidating the life cycle state and all life cycle signal outputs as part of the escalation protocol.

Signed-off-by: Michael Schaffner <msf@opentitan.org>

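The sequencing issue described in the commit message can be seen in a small cycle-level model. This is an added illustration, not OpenTitan RTL or project code; the `Wiring` class, the function names and all cycle numbers are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Wiring:
    # True models the old behaviour: escalate_en_i also drives the OTP
    # life cycle partition. False models the behaviour after this commit.
    lc_partition_sees_escalate_en: bool


def simulate(wiring, wipe_cycle, scrap_cycle, glitch_cycle=None, horizon=20):
    """Return (cycle secrets are wiped, cycle the life cycle state is scrapped).

    wipe_cycle   -- cycle at which "wipe secrets" (escalate_en_i) fires
    scrap_cycle  -- cycle at which "life cycle state scrap" fires
    glitch_cycle -- optional cycle at which the LC partition detects a glitch
    """
    wiped_at = scrapped_at = None
    for cycle in range(horizon):
        escalate_en = cycle >= wipe_cycle
        lc_scrap_action = cycle >= scrap_cycle
        glitch = glitch_cycle is not None and cycle >= glitch_cycle
        if escalate_en and wiped_at is None:
            wiped_at = cycle
        # The LC partition scraps the state when it enters escalation/error.
        partition_error = glitch or (
            escalate_en and wiring.lc_partition_sees_escalate_en)
        if (partition_error or lc_scrap_action) and scrapped_at is None:
            scrapped_at = cycle
    return wiped_at, scrapped_at


def separation(wiring, wipe_cycle=5, scrap_cycle=8):
    """Cycles left for clearing local state between the two actions."""
    wiped_at, scrapped_at = simulate(wiring, wipe_cycle, scrap_cycle)
    return scrapped_at - wiped_at


OLD = Wiring(lc_partition_sees_escalate_en=True)
NEW = Wiring(lc_partition_sees_escalate_en=False)

if __name__ == "__main__":
    print("old wiring separation:", separation(OLD))
    print("new wiring separation:", separation(NEW))
    print("new wiring, glitch at cycle 2:", simulate(NEW, 5, 8, glitch_cycle=2))
```

With the old wiring the two actions collapse onto the same cycle; with the new wiring the configured gap is preserved, while a glitch in the partition still scraps the state immediately.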
OpenTitan is an open source silicon Root of Trust (RoT) project. OpenTitan will make the silicon RoT design and implementation more transparent, trustworthy, and secure for enterprises, platform providers, and chip manufacturers. OpenTitan is administered by lowRISC CIC as a collaborative project to produce high quality, open IP for instantiation as a full-featured product. See the OpenTitan site and OpenTitan docs for more information about the project.
This repository contains hardware, software and utilities written as part of the OpenTitan project. It is structured as a monolithic repository, or “monorepo”, where all components live in one repository. It exists to enable collaboration across partners participating in the OpenTitan project.
The project contains comprehensive documentation of all IPs and tools. You can access it online at docs.opentitan.org.
Have a look at CONTRIBUTING and our documentation on project organization and processes for guidelines on how to contribute code to this repository.
Unless otherwise noted, everything in this repository is covered by the Apache License, Version 2.0 (see LICENSE for full text).